Written by Julie James, Sales Director, Certificate Solutions,  Europe, Entrust

IT teams are responsible for a growing attack surface, as more digital platforms and tools are used across their organisation both inside and outside of their network. A recent study conducted by Entrust identified concerning trends in attitudes toward data privacy and highlighted why maintaining cybersecurity standards is more of a priority now than ever before.

All businesses can work toward adopting an “always on” approach to preventing data breaches and maintaining digital vigilance. Enterprises have a responsibility to customers and partners to implement comprehensive cybersecurity measures, but there are a few simple steps organisations can take toward better data privacy practices.

• Outline your data protection strategy to customers: Be upfront and clear about your data privacy practices with your customers. Our data showed that consumers are looking to companies to show them how their information is secure and how they can protect personal data themselves. Embrace that role.

• If a breach occurs, be transparent: This tip seems obvious, but not all companies practice it. Customers expect this sort of direct communication, forty-six percent of respondents said it’s on organisations to inform them when a breach happens. In addition, General Data Protection Regulation (GDPR), dictates that businesses must notify those impacted by personal data breaches within 72 hours of becoming aware of the security event. Therefore, businesses must work quickly to contain the breach and alert those impacted by it as soon as possible. It is necessary to have a crisis communications plan to be one step ahead of the breach situation and have less details to think of in the moment. Be brief, direct and factual in sharing the details with impacted parties.

• Deploy multi-factor authentication (MFA): Apply two or more authenticators to keep workforce identities secure and help prevent potential breaches. For consumers, consider low friction MFA like mobile push notifications or smartphone biometric reading.

• Adopt adaptive risk-based authentication: Leverage an added authentication challenge when warranted. Instances when a user logs in from a new device for the first time, signs on at an abnormal time of the day or logs in from a different geolocation are all suitable examples.

• Go passwordless: We’re telling consumers to practice good password hygiene, use encryption and be vigilant. However, people still make mistakes, which is why eliminating passwords entirely is an even better option altogether. Removing the password effectively stops all password-based attacks. Credential-based password authentication provides substantial protection to keep workforce identities secure. Consumer friendly options for going passwordless include mobile push notifications and FIDO tokens.

One of the main data security challenges businesses face in 2021 is to maintain data security practices when employees are away from a central office space and become more vulnerable to digital threats. Recent data collected by Entrust identified that although 64% of consumers surveyed had grown increasingly concerned about data privacy in the past year, many have not changed their behaviour to protect themselves or their employers online. 43% of respondents admitted that they do not even read the terms and conditions when signing up to new services or downloading software, with 69% of respondents reporting that it simply took too much time. Respondents were also extremely willing to use and store sensitive information on connected devices. But with less than half of respondents knowing about security tools like anti-virus/anti-malware (44%), multi-factor authentication (43%) and encryption (33%), they may not be effectively protecting this sensitive information.

To support employees in changing data privacy habits and adopting cybersecurity best practices, businesses can make these recommendations to make sure employees are safer and more secure.

• Practice good password hygiene: Most people use the same password for all their online accounts — but you shouldn’t. Be proactive about password protection by changing your password regularly and making each of your passwords unique. Also consider enabling advanced authentication, such as multi-factor authentication (i.e., receiving a special code on your smartphone to use in addition to your password).

• Encrypt your devices: Encryption was the technology survey respondents knew the least about — and that needs to change. Encryption makes data unreadable to anyone other than those holding the encryption key. The Information Commissioner’s Office, the leading independent body for information rights, has a great page describing how to protect your personal data with encryption and secure data storage.

• Keep up to date on data security news: A lack of digital literacy could cause difficulties in understanding data privacy or threats to cyber security that could endanger the business. Keeping up to date on terminology, new threats and digital best practices can be done by regularly using trusted sources such as the National Cyber Security Centre (NCSC) in the UK.

Businesses also have a responsibility to educate employees on enterprise security and best practices. However, this sort of internal communication is based on the trust an employee has in the organisation. This is a major challenge around the world as the actions of certain businesses in covering up security failings remain in the collective memory and the fact 2020 brought another slew of major data breaches to light.

Security tool training programmes, clear and concise communication and the distribution of learning resources are the first steps in ensuring employee trust in a business’s capability to protect data. In turn that trust translates into an adoption of daily security best practices and an active, business wide vigilance.

Data security at home is now as important as in the workplace. Businesses and employees have a responsibility to uphold data privacy standards to protect enterprises from digital threats. Our recommendations stem from the need to consider data security in the day-to-day activities rather than only focusing on large security initiatives. Successfully implementing these habits and educating a workforce isolated from IT teams is the most effective method in levelling up an organisation’s data security.